EP3375673B1 - Safety method for a safety system of a vehicle - Google Patents

Safety method for a safety system of a vehicle

Info

Publication number
EP3375673B1
Authority
EP
European Patent Office
Prior art keywords
security
vehicle
access device
data unit
user data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP18160885.2A
Other languages
German (de)
French (fr)
Other versions
EP3375673A1 (en)
Inventor
Kai Magnus OBERBECKMANN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huf Huelsbeck and Fuerst GmbH and Co KG
Original Assignee
Huf Huelsbeck and Fuerst GmbH and Co KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huf Huelsbeck and Fuerst GmbH and Co KG
Publication of EP3375673A1
Application granted
Publication of EP3375673B1
Current legal status: Active

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20 Means to switch the anti-theft system on or off
    • B60R25/24 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • B60R25/241 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user whereby access privileges are related to the identifiers
    • B60R25/245 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user where the antenna reception area plays a role
    • B60R25/248 Electronic key extraction prevention
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the present invention relates to a safety method for a safety system of a vehicle according to the preamble of the independent method claim.
  • the invention also relates to a security system according to the preamble of the independent device claim.
  • a portable access device, for example a smartphone or an ID transmitter, can be used to activate a security-relevant function in a vehicle.
  • a safety-relevant function is, for example, the granting of access to the vehicle or an authorization to start the engine.
  • a security system of the vehicle can be provided which, for example, carries out and / or evaluates data transmission between the vehicle and the access device.
  • by evaluating the data transmission, for example, a distance between the access device and the vehicle can be measured and / or an approach of the access device can be detected.
  • the security-related function can only be activated when the access device is in the vicinity of the vehicle. This enables, for example, the provision of a passive access system (keyless entry system).
  • conventional security systems use connection-oriented data transmission to ensure security when the function is activated. For example, authentication can then take place when the connection is established.
  • such a data transmission, in particular the connection setup, can only be carried out in a costly, inflexible and complicated manner. It may also be a technical challenge to adequately limit connection drops and / or connection errors in connection-oriented data transmission.
  • connectionless communication can also be used for data transmission.
  • connectionless data transmission has the disadvantage that the transmitted data packets are not easily protected against manipulation and are usually addressed to everyone. In other words, the integrity of the transmitted data may not be adequately ensured or it may only be ensured in a technically complex manner.
  • in passive security systems, in particular access systems, which use the received signal power during data transmission as a reference point for the approach of an access device, this can lead to the wrong device being detected in a distance measurement.
  • DE 10 2013 224 330 A1 discloses a method and system for detecting the approach of a terminal to a vehicle on the basis of signal strength information received over a Bluetooth Low Energy (BLE) transmission channel.
  • the security system is in particular an access system.
  • the possibility of authenticating oneself via an access device in the vehicle should be simplified and improved.
  • the object is achieved in particular by a security method for a security system, in particular an access system, of a vehicle, for activating at least one security-relevant function in the vehicle according to claim 1 and by a method according to claim 13.
  • the detection of the approach of the access device and / or the construction / implementation of the data transmission can preferably be initiated automatically by the vehicle. For example, a wake-up signal can be sent out for this purpose and / or at least one proximity sensor of the vehicle can be evaluated in order to initiate the data transmission. In this way a passive access system can be provided. Alternatively or additionally, the data transmission can also be initiated by the access device.
  • the portable (in particular mobile) access device is designed as an identification transmitter (ID transmitter) and / or as a communication device such as a smartphone or laptop, in particular a cellular communication device, preferably with a cellular radio interface.
  • the access device preferably comprises a radio interface, in particular a Bluetooth interface, preferably a Bluetooth low energy interface, for carrying out the data transmission.
  • the data transmission is preferably implemented as a connectionless data transmission between the access device and the vehicle, so that, for example, the data (packets) transmitted thereby are not (necessarily or always) authenticated in a forgery-proof manner.
  • the data transmission is carried out as a Bluetooth, in particular Bluetooth Low Energy, data transmission, in particular in the so-called Bluetooth advertising mode (in contrast to the connection mode for connection-based Bluetooth communication, between at least two specified partners / devices).
  • the data can be transmitted via broadcasting communication (to anyone or to each partner / device). This has the advantage that the data transmission can be carried out in a simple and quick manner, in particular without complex connection establishment.
  • the "vehicle-side" assignment is understood to mean that the assignment is made by the vehicle, in particular by the security system, preferably by vehicle electronics, preferably by an evaluation according to the security mechanism, for example by using a verification key and / or by a comparison of the security feature with at least one specification (for example an assignment table).
  • the checking and / or assignment can take place independently of the communication channel, i.e. only on the basis of the data of the data unit received by the vehicle. This has the advantage that, regardless of the security precautions in the data transmission as such, i.e. in particular in the communication channel, the integrity and authorship of the data unit can be guaranteed and the data unit can be reliably assigned to the access device.
  • an assignment on the vehicle side is also understood to mean further communication of the vehicle, in particular via the Internet, for example with a server or another device.
  • An assignment table can then be called up, for example, from the server or further device and / or the actual assignment can be made on the basis of the security feature.
  • the vehicle-side assignment of the access device can be carried out on the basis of the (useful) data of the data unit, for example by evaluating the security feature and / or at least one piece of useful data information assigned to the security feature.
  • the security feature and / or the user data information is specific to the access device, i.e. it allows reliable conclusions to be drawn about the access device.
  • the security feature is designed as an electronic, in particular digital, signature, for example in accordance with a digital signature method (as a security mechanism).
  • the security feature can preferably be specific to the access device and / or the security mechanism, in particular be cryptographically permanently assigned to the access device and / or the security mechanism, and is preferably generated on the basis of a secret signature key. For example, the assignment of the data unit to the access device, i.e. the authorship and integrity of the data unit, is then confirmed on the basis of a public verification key (by processing the security feature).
  • the security feature can be designed as a device-specific, i.e. for example manufacturer-specific, feature for the access device or can be determined on the basis of such a feature.
  • the feature includes, for example, manufacturer-specific data of the access device.
  • the security feature can be generated in that a randomized encryption algorithm is applied to this data.
  • the data can then be transmitted as useful data information of the data unit.
  • the at least one data unit can then be assigned to a specific access device.
  • the data transmission does not take place as a connection-dependent transmission of the data unit, but rather as a connectionless, and thus preferably also unencrypted, transmission.
  • An unencrypted transmission is understood to mean that the communication channel itself is unencrypted (whereas the user data, for example at the application level, can possibly also be encrypted or cryptographically secured).
  • the activation of the function can be secured very flexibly and reliably by the security mechanism in that a (preferably cryptographic) security is provided by the security feature, in particular at the user data or application level.
  • the security feature and / or user data information secured by the security feature is specific for the access device, in particular hardware-specific and / or manufacturer-specific. This allows, in particular in contrast to a simple connection-related transmission of a code, a device-specific assignment of the data unit.
  • when checking the security feature, not (only) the content of the user data of the data unit is checked, but also the integrity of the data transmission on the basis of the security feature. In other words, it can be checked whether the transmitted data unit originates correctly and unmodified from the authorized access device, so that data integrity and authenticity are present.
  • the function can preferably be activated on the basis of the data transmission in that the (useful) data transmitted during the data transmission and / or information from the at least one communication interface used for this purpose are evaluated.
  • a signal strength at a receiving interface (i.e., for example, at a receiving node) of the vehicle can be evaluated as such information.
  • the signal strength can be evaluated in such a way that distance information about a distance between the vehicle and the access device is determined and / or a localization is carried out. This makes it possible, for example, to use the distance information and / or localization to decide whether the safety-relevant function should be activated or not.
  • the security mechanism may be designed as a mechanism to ensure security and / or integrity and / or authenticity during data transmission, and preferably to include and / or parameterize a cryptographic signature method for determining a digital signature.
  • the security mechanism is specified in that at least one secret signature key and at least one public verification key and / or a table (assignment table) with device-specific information for different access devices, for determining authorized access devices, is specified and / or pre-stored for the security mechanism, in particular stored permanently in the vehicle.
  • the device-specific information is in the form of hardware codes, so that a comparison of the device-specific information with transmitted user data information allows the data unit to be assigned to a specific access device.
  • the security feature can then be used to assess the integrity and / or authenticity of the user data information.
  • the security feature can also already include the user data information so that, for example, a separate transmission of the user data information (in plain text) can be dispensed with. This is the case, for example, when the user data information is encrypted and then transmitted in encrypted form as a security feature of the data unit.
  • ensuring the integrity preferably includes checking the correct content and / or an unmodified state and / or recognizing modifications and / or checking the temporal correctness of the data unit.
  • the vehicle is designed as a motor vehicle and / or as an electric vehicle and / or as a hybrid vehicle and / or as a self-driving vehicle and / or as a passenger vehicle.
  • the vehicle comprises at least part of the security system, for example as an active or passive access system and / or keyless go system or the like.
  • the data transmission is carried out unidirectionally and / or connectionlessly via radio communication technology, in particular via Bluetooth or Bluetooth Low Energy, preferably via a cryptographically unprotected communication channel, so that cryptographic protection is at least essentially (or primarily or exclusively) provided by the security feature and / or the security mechanism.
  • the data transmission is connectionless and / or unidirectional, so that preferably the access device as transmitter and the security system on the vehicle, in particular at least one receiving node, as receiver are decoupled, and / or several receivers can receive the data unit simultaneously (or staggered in time) (i.e. also other data units with the same content, possibly sent at different times).
  • an unprotected communication channel is understood to mean that the communication channel itself (e.g. at the transport level or in relation to the control and / or protocol information) is unencrypted or only weakly protected, so that cryptographic security is primarily implemented by adapting the user data.
  • the data unit or the useful data of the data unit can be transmitted in plain text and / or by broadcast.
  • the activation of the security-relevant function according to step d) takes place as a function of at least the check result and / or a signal strength when the data unit is transmitted, a distance between the access device and the vehicle preferably being determined on the basis of the signal strength, and the safety-relevant function is only activated when the distance is sufficiently small.
  • a check of the check result offers the additional security that only an authorized and / or authenticated access device can be used to activate the function at a sufficiently short distance.
  • the signal strength can be determined on the basis of Received Signal Strength Indication (RSSI) data, in particular in the case of a receiving node in the vehicle, which is in particular designed as a Bluetooth interface.
  • the data unit comprises at least one piece of useful data information and, on the basis of the useful data information, the data unit on the vehicle side is assigned to the access device, the security feature (according to step a)) being determined on the basis of the user data information so that the user data information is signed for cryptographic protection of this assignment.
  • the security feature can then be checked by evaluating the security feature.
  • the security feature can be checked using a verification key.
  • the user data information can also be checked (or decrypted) on the basis of the security feature (or the verification key).
  • the check value can preferably be correlated with the user data information in such a way that the check value must have a predetermined result in order to confirm the user data information.
  • a security and / or encryption algorithm can be applied to the user data information and / or the security feature in such a way that the integrity can be checked by comparing the security feature with the user data information.
  • the security mechanism and / or checking the correctness and / or integrity and / or authorship of the user data information and / or checking according to step c) can at least partially use a symmetrical and / or asymmetric cryptographic method, for example a randomized encryption algorithm and / or an RSA signature method.
  • the user data information comprises at least one device-specific information item, in particular a device address of the access device, preferably a Bluetooth device address, the security feature (according to step a)) being preferably determined on the basis of the device-specific information, so that preferably (according to step c)) the device-specific information is authenticated and / or the data unit is assigned to the access device on the basis of the device-specific information.
  • the device address or Bluetooth device address is processed together with an IRK (Identity Resolving Key).
  • the device-specific information is preferably compared with specified information (for example an allocation table) and the check result is only defined as positive if there is a match, so that the safety-relevant function can be activated.
  • the unencrypted transmission relates in particular only to the data transmission (i.e. in particular to the transport level). It is thus possible that connectionless transmission can also be used in order to increase the reliability and efficiency of the security system.
  • the security feature and / or the user data information is cryptographically verified, preferably using at least one verification specification, such as a verification key, of the security mechanism, preferably using a verification algorithm and / or a verification key.
  • the verification key is preferably pre-stored in the vehicle, for example in a non-volatile data memory of the vehicle.
  • the verification key is particularly preferably cryptographically protected in order to prevent manipulation or unauthorized reading.
  • step c) a positive check result is determined if the authenticity of the access device and / or the integrity of the data unit is successfully determined on the basis of the transmitted security feature, whereby preferably in step d) the activation (the safety-relevant function) only takes place if the check result is positive.
  • the at least one data unit is transmitted unencrypted, at least on a transport-oriented level, and thus preferably comprises at least one unencrypted control and / or protocol information item and / or at least partially unencrypted user data, in particular with at least one unencrypted user data item, wherein the data unit is preferably designed as a data packet, and the useful data preferably include at least the security feature in unencrypted form.
  • encryption of the security feature during data transmission is not necessary (so that it can be present in the data unit in unencrypted form), since the security feature has already been determined by a cryptographic algorithm. A particularly reliable and simpler security check can thus be implemented.
  • the data unit and / or data transmission is encrypted on the application-oriented level in accordance with the security mechanism.
  • this includes, for example, an application layer according to the OSI model.
  • the transport-oriented level includes, for example, the data link layer or the layers below the application layer or session layer according to the OSI model.
  • the security mechanism comprises at least one cryptographic method in order to preferably determine at least one assignment, in particular an authenticity, of the data unit (to the access device), the cryptographic method preferably being a digital signature method and / or being carried out on the basis of at least one random value and / or rolling code.
  • the security feature can preferably be implemented as a code in accordance with a rolling code method.
  • a rolling code method preferably uses a shared secret such as a symmetrical key.
  • the sender transmits a constantly changing code to the receiver for verification.
  • a so-called Keeloq algorithm is used for this.
  • a further advantage can be that the security feature and / or a piece of useful data information is specific for the access device, in particular in that the security feature and / or the user data information is determined directly or indirectly on the basis of device-specific information, in particular a device identifier, preferably an identity resolving key, of the access device.
  • the device-specific information can be or will be uniquely assigned to an access device, and in particular be permanently stored in the access device. The security in the process can thus be further improved.
  • a localization of the access device, in particular distance information measured by the data transmission, preferably a measurement result of a distance measurement, preferably a signal strength measurement, is checked, in particular authenticated, on the basis of the security feature, with the distance information being transmitted as at least one piece of useful data information of the data unit (in particular in step b)).
  • the determination of the security feature takes place differently for different data units, preferably using a randomized encryption algorithm and / or a random value and / or a counter and / or the like.
  • the security for activating the function can thus be further increased.
  • the counter can generate consecutive numbering or the like, in particular by a counter unit (counter), for example to provide a rolling code.
  • the safety-relevant function may include at least a first function, in particular enabling access to the vehicle, and / or at least one second function, in particular enabling an engine management system of the vehicle, with the first function preferably only being activated when a minimum distance between the access device and the vehicle is detected on the basis of a localization, and preferably the second function only being activated when the access device is detected in the interior of the vehicle on the basis of the localization.
  • at least two or three or more receiving nodes of the vehicle are provided, preferably in order to receive the data unit and / or carry out the data transmission, a localization of the access device being carried out as a function of the reception and / or the data transmission and / or a check of the integrity of the respectively received data units, and preferably the at least one security-relevant function being activated as a function of the localization.
  • the different signal strength signals of the individual receiving nodes can be used to carry out a particularly precise localization of the access device.
  • triangulation or the like can be used for localization (positioning).
  • a localization is carried out by a distance measurement, in particular a signal strength measurement, based on the data transmission at different receiving nodes of the vehicle, in particular based on the measured distance of the respective receiving nodes to the access device, the results of the distance measurement preferably being compared with one another for the localization.
  • additional location data for example from a GPS (Global Positioning System), can preferably also be used, in particular to increase the location accuracy.
  • the data transmission takes place via a public advertising and / or broadcast mode, in particular of a Bluetooth communication technology (i.e. also Bluetooth Low Energy), so that the transmitted user data, in particular also the security feature, can be publicly evaluated and / or read, preferably by all receiving nodes of the vehicle. It is therefore basically conceivable that the transmitted user data of the data unit(s) can be intercepted and read out.
  • the security mechanism provides the actual protection to ensure the integrity of the data unit. In particular, the data transmission can only take place unidirectionally.
  • user data information of the data unit contains at least the security feature and at least one security code for the security system, in particular an access system, wherein the activation according to step d) preferably takes place as a function of the security code.
  • the security system can authenticate using the data unit.
  • the invention also relates to a security system for a vehicle for activating at least one security-relevant function in the vehicle on the basis of at least one data transmission between a portable access device and the vehicle according to claim 13.
  • the security system according to the invention thus has the same advantages as has been described in detail with reference to a security method according to the invention.
  • the security system can be suitable to be operated according to a security method according to the invention.
  • the processing device is designed to carry out a security method according to the invention.
  • the at least one receiving node can be arranged on and / or in the vehicle, preferably permanently attached.
  • the receiving nodes can each have at least one antenna, in particular a Bluetooth antenna, and / or each be designed as a Bluetooth interface, preferably a Bluetooth low energy interface.
  • at least one first receiving node on the rear of the vehicle and / or at least one second receiving node in a door handle of the vehicle and / or at least one third receiving node in the vehicle interior and / or at least one fourth receiving node in the front area of the vehicle are provided, so that preferably, depending on a distance between the access device and the respective receiving node, the access device can be localized on the basis of the data transmission.
  • in FIG. 1, a security system 200 according to the invention is shown schematically.
  • a vehicle 1 is shown which has at least one receiving node 210 for carrying out a data transmission D in the vehicle 1.
  • the data transmission D serves to detect the presence and / or approach of an access device 10 and / or a localization of the access device 10 and / or perform an authentication. In this way, the access device 10 can be used to activate a security-relevant function in the vehicle 1. For this purpose, for example, an authorized access device 10 is brought into the vicinity of the vehicle 1.
  • the data transmission D is carried out.
  • This data transmission D then serves in particular to transmit at least one data unit 50 from the access device 10 to the vehicle 1.
  • the data transmission D is preferably carried out unencrypted and / or without a connection.
  • a plurality of receiving nodes 210 of the vehicle 1 can also be provided.
  • at least a first receiving node 210a and / or a second receiving node 210b and / or a third receiving node 210c and / or a fourth receiving node 210d can be attached to different positions of the vehicle 1. Possible positions are, for example, the vehicle interior and / or a door handle 2 and / or a rear area of the vehicle 1.
  • a processing device 220 can be provided, for example. This can also be suitable, for example, to at least partially carry out the security method 100 according to the invention, in particular to carry out a check of the data unit 50.
  • a security method 100 according to the invention is schematically visualized, in particular by the representative representation of a data unit 50.
  • at least one security feature 60 is determined in accordance with a predetermined security mechanism.
  • the data transmission D is carried out so that at least one data unit 50 with at least the security feature 60 and / or useful data information 70 is transmitted from the access device 10 to the vehicle 1.
  • the transmitted data unit 50 can be checked on the basis of the transmitted security feature 60 in accordance with the security mechanism in order to assign the data unit 50 on the vehicle side to the access device 10, so that a check result is determined.
  • the user data information 70 can also be evaluated as device-specific information 70 of the data unit 50.
  • several receiving nodes 210 of the vehicle 1 can be provided which can receive the at least one data unit 50. This enables the access device 10 to be reliably localized on the basis of information obtained at the respective receiving nodes 210 (such as a signal strength of the respective data transmission to the respective receiving nodes 210).
  • the safety-relevant function can thus be activated in a simple and secure manner as a function of at least the check result.
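As an added, constructed example (not code from the patent or its assignee), the following Python sketches the vehicle-side handling described in steps a) to d): the access device broadcasts an unencrypted data unit whose user data (Bluetooth device address plus a counter) is protected by a security feature, and the vehicle assigns the data unit to an authorized device via a pre-stored assignment table, rejects modified or replayed data units, and activates the access function only when the check result is positive and the RSSI-derived distance is short enough. It assumes an HMAC-SHA256 security feature with a device-specific symmetrical key and illustrative path-loss constants; all addresses, secrets and thresholds are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed layout (not from the patent): the security feature is a truncated
# HMAC-SHA256 tag over the user data, which is a 6-byte Bluetooth device address
# followed by a 4-byte counter that changes with every data unit.
FEATURE_LEN = 16
USER_DATA_LEN = 6 + 4


def build_data_unit(device_addr: bytes, counter: int, secret: bytes) -> bytes:
    """Access-device side (steps a and b): user data || security feature.

    The counter makes the security feature differ for every data unit
    (rolling-code style), so a captured data unit cannot simply be re-sent.
    """
    if len(device_addr) != 6:
        raise ValueError("Bluetooth device address must be 6 bytes")
    user_data = device_addr + struct.pack(">I", counter)
    feature = hmac.new(secret, user_data, hashlib.sha256).digest()[:FEATURE_LEN]
    return user_data + feature            # sent in plain text in the advertisement


@dataclass
class DeviceRecord:
    """One row of the vehicle's pre-stored assignment table."""
    secret: bytes
    last_counter: int = -1


@dataclass
class VehicleSecuritySystem:
    assignment_table: Dict[bytes, DeviceRecord]
    max_access_distance_m: float = 2.0    # assumed threshold for the access function

    def check_data_unit(self, data_unit: bytes) -> Tuple[bool, Optional[bytes]]:
        """Step c): vehicle-side check of the received, unencrypted data unit.

        The check result is positive only if the device address maps to an
        authorized record, the security feature verifies under that record's
        secret (integrity and authorship), and the counter is fresh (no replay).
        """
        if len(data_unit) != USER_DATA_LEN + FEATURE_LEN:
            return False, None
        user_data, feature = data_unit[:USER_DATA_LEN], data_unit[USER_DATA_LEN:]
        device_addr = user_data[:6]
        counter = struct.unpack(">I", user_data[6:])[0]
        record = self.assignment_table.get(device_addr)
        if record is None:
            return False, None                # unknown device: no assignment possible
        expected = hmac.new(record.secret, user_data, hashlib.sha256).digest()[:FEATURE_LEN]
        if not hmac.compare_digest(expected, feature):
            return False, None                # modified or forged data unit
        if counter <= record.last_counter:
            return False, None                # replayed or stale data unit
        record.last_counter = counter
        return True, device_addr


def rssi_to_distance_m(rssi_dbm: float, tx_power_dbm: float = -59.0,
                       path_loss_exp: float = 2.0) -> float:
    """Log-distance path-loss estimate from RSSI; the constants are assumptions."""
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * path_loss_exp))


def should_activate_access(system: VehicleSecuritySystem, data_unit: bytes,
                           rssi_dbm: float) -> bool:
    """Step d): activate only on a positive check result AND a short enough distance."""
    check_ok, _ = system.check_data_unit(data_unit)
    return check_ok and rssi_to_distance_m(rssi_dbm) <= system.max_access_distance_m


if __name__ == "__main__":
    addr = bytes.fromhex("c0ffee010203")           # constructed device address
    secret = bytes(range(32))                      # constructed shared secret
    vehicle = VehicleSecuritySystem({addr: DeviceRecord(secret)})
    unit = build_data_unit(addr, counter=7, secret=secret)
    print("fresh unit, close by :", should_activate_access(vehicle, unit, -50.0))
    print("same unit replayed   :", should_activate_access(vehicle, unit, -50.0))
    unit = build_data_unit(addr, counter=8, secret=secret)
    print("fresh unit, far away :", should_activate_access(vehicle, unit, -80.0))
```

Because the check depends only on the received bytes and the pre-stored table, it works the same regardless of whether the BLE advertising channel itself offers any protection, which is the point of the security mechanism described above.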

Description

The present invention relates to a security method for a security system of a vehicle according to the preamble of the independent method claim. The invention further relates to a security system according to the preamble of the independent device claim.

It is known from the prior art that a portable access device, for example a smartphone or an ID transmitter, can be used to activate a security-relevant function in a vehicle. Such a function is, for example, granting access to the vehicle or authorizing an engine start. For this purpose, a security system of the vehicle can be provided which, for example, carries out and/or evaluates a data transmission between the vehicle and the access device. By evaluating the data transmission, for example, a distance between the access device and the vehicle can be measured and/or an approach of the access device can be detected. For example, the security-relevant function can be activated only when the access device is in the vicinity of the vehicle. This makes it possible, for example, to provide a passive access system (keyless entry system).

Conventional security systems use a "connection-oriented data transmission" to ensure security when activating the function. For example, authentication can then take place when the connection is established. Here, however, the disadvantage has emerged that such a data transmission, in particular the connection setup, can only be carried out in a laborious, inflexible and complicated manner. It can also be a technical challenge to sufficiently limit connection drops and/or connection errors in a connection-oriented data transmission.

In principle, a "connectionless communication" can also be used for data transmission. However, the use of a connectionless data transmission has the disadvantage that the transmitted data packets are not readily protected against manipulation and are usually addressed to everyone. In other words, the integrity of the transmitted data may not be sufficiently ensured, or can only be ensured at considerable technical effort. In the case of passive security systems, in particular access systems, which use the received power of the data transmission as an indication of the approach of an access device, this can result in the wrong device being captured for a distance measurement.

DE 10 2013 224 330 A1 discloses a method and system for detecting the approach of a terminal to a vehicle, based on signal strength information received via a Bluetooth Low Energy (BLE) transmission channel.

It is therefore an object of the present invention to at least partially remedy the disadvantages described above. In particular, it is an object of the present invention to provide a more reliable and/or more secure authentication and/or distance measurement and/or data transmission in a security system, in particular an access system, of a vehicle. Preferably, the possibility of authenticating oneself to the vehicle via an access device (in particular contactlessly / by radio) is to be simplified and improved.

The above object is achieved by a security method having all the features of the independent method claim and by a security system having all the features of the independent system claim. Further features and details of the invention emerge from the respective dependent claims, the description and the drawings. Features and details described in connection with the security method according to the invention naturally also apply in connection with the security system according to the invention, and vice versa, so that with regard to the disclosure of the individual aspects of the invention, reference is or can always be made to each other.

The object is achieved in particular by a security method for a security system, in particular an access system, of a vehicle, for activating at least one security-relevant function in the vehicle according to claim 1, and by a method according to claim 13.

For example, the security-relevant function can comprise at least one of the following functions:

  • a release of access to the vehicle, preferably the activation of a locking system of the vehicle for a user, for example an unlocking of the vehicle, preferably automatically and/or only when the access device is localized within a predetermined maximum distance from the vehicle,
  • a release of an engine management system of the vehicle, in particular a release of an engine start, preferably automatically and/or only when the access device and/or the user is localized in the vehicle interior,
  • a deactivation of an alarm system of the vehicle, preferably automatically and/or only when the access device is localized within a maximum distance from the vehicle,
  • a locking of the vehicle, in particular automatically and/or only when the access device is localized outside a maximum distance from the vehicle.

The detection of the approach of the access device and/or the establishment / performance of the data transmission can preferably be initiated automatically by the vehicle. For example, a wake-up signal can be emitted for this purpose and/or at least one proximity sensor of the vehicle can be evaluated in order to initiate the data transmission. In this way a passive access system can be provided. Alternatively or additionally, the data transmission can also be initiated by the access device.

It is conceivable that the portable (in particular mobile) access device is designed as an identification transmitter (ID transmitter) and/or as a communication device such as a smartphone or laptop, in particular a mobile radio communication device, preferably with a mobile radio interface. This enables convenient, flexible and inexpensive activation of the function. For carrying out the data transmission, the access device preferably comprises a radio interface, in particular a Bluetooth interface, preferably a Bluetooth Low Energy interface.

The data transmission is preferably implemented as a connectionless data transmission between the access device and the vehicle, so that, for example, the data (packets) transmitted in this way are not (necessarily or always) authenticated in a forgery-proof manner.

For example, the data transmission is carried out as a Bluetooth, in particular Bluetooth Low Energy, data transmission, in particular in the so-called Bluetooth advertising mode (as opposed to the connection mode of connection-oriented Bluetooth communication between at least two predetermined partners/devices). In other words, the data transmission can take place via broadcast communication (to everyone, i.e. to every partner/device). This has the advantage that the data transmission can be carried out simply and quickly, in particular without a complex connection setup.

"Vehicle-side" assignment is understood in particular to mean that the assignment is performed by the vehicle, in particular by the security system, preferably by a vehicle electronics unit, preferably by an evaluation according to the security mechanism, for example by using a verification key and/or by comparing the security feature with at least one reference (for example an assignment table). In particular, the checking and/or assignment can take place independently of the communication channel, i.e. solely on the basis of the data of the data unit received by the vehicle. This has the advantage that, irrespective of the security precautions of the data transmission as such, i.e. in particular of the communication channel, the integrity and authorship of the data unit can be guaranteed and the data unit can be reliably assigned to the access device.

It may also be possible for a vehicle-side assignment to be understood to include further communication by the vehicle, in particular via the Internet, for example with a server or a further device. An assignment table can then, for example, be retrieved from the server or further device and/or the actual assignment can be carried out on the basis of the security feature.

It is conceivable that the vehicle-side assignment of the access device can be carried out on the basis of the (user) data of the data unit, for example by evaluating the security feature and/or at least one piece of user data information assigned to the security feature. For this purpose, the security feature and/or the user data information is specific to the access device, i.e. it allows reliable conclusions to be drawn about the access device.

According to the invention, the security feature is designed as an electronic, in particular digital, signature, for example in accordance with a digital signature method (as the security mechanism). The security feature can preferably be specific to the access device and/or the security mechanism, in particular be cryptographically bound to the access device and/or the security mechanism, and is preferably generated on the basis of a secret signature key. For example, the assignment of the data unit to the access device, i.e. the authorship and integrity of the data unit, can be confirmed on the basis of a public verification key (by processing the security feature).

Alternatively or additionally, the security feature can be designed as a feature that is device-specific for the access device, i.e. for example manufacturer-specific, or can be determined on the basis of such a feature. The feature comprises, for example, manufacturer-specific data of the access device. In particular, the security feature can be generated by applying a randomized encryption algorithm to this data. For example, the data can then be transmitted as user data information of the data unit. In particular, by authenticating this data, the at least one data unit can then be assigned to a specific access device. This achieves the advantage that each data unit carries unique data which authenticate the access device in a forgery-proof manner. Faking an approach can thus be made more difficult, since the data unit (in particular the packets) cannot be replayed or computed independently.

In particular, the data transmission does not take place as a connection-oriented transmission of the data unit, but as a connectionless, and thus preferably also unencrypted, transmission. An unencrypted transmission is understood to mean that the communication channel itself is unencrypted (whereas the user data, for example at the application level, may also be encrypted or cryptographically secured). In other words, the activation of the function can be secured very flexibly and reliably by the security mechanism in that (preferably cryptographic) protection is provided by the security feature, in particular at the user data or application level.

For example, it can be provided that the security feature and/or user data information secured by the security feature is specific to the access device, in particular hardware-specific and/or manufacturer-specific. In contrast to a simple connection-oriented transmission of a code in particular, this allows a device-specific assignment of the data unit. Preferably, the check does not (only) verify the content of the user data of the data unit, but also the integrity of the data transmission on the basis of the security feature. In other words, it can be checked whether the transmitted data unit originates correctly and unmodified from the authorized access device, so that data integrity and authenticity are present.

The function can preferably be activated on the basis of the data transmission by evaluating the (user) data transmitted during the data transmission and/or information from the at least one communication interface used for it. For example, a signal strength at a receiving interface (i.e., for example, at a receiving node) of the vehicle can be evaluated as such information. In particular, the signal strength can be evaluated in such a way that distance information about the distance between the vehicle and the access device is determined and/or a localization is carried out. This makes it possible, for example, to use the distance information and/or localization in deciding whether or not the security-relevant function is to be activated.

It may further be possible for the security mechanism to be designed as a mechanism for ensuring security and/or integrity and/or authenticity of the data transmission, and preferably to comprise and/or parameterize a cryptographic signature method for determining a digital signature. For example, the security mechanism is specified in that at least one secret signature key and at least one public verification key and/or a table (assignment table) with device-specific information for different access devices, for determining authorized access devices, is specified and/or pre-stored for the security mechanism, in particular stored permanently in the vehicle. For example, the device-specific information takes the form of hardware codes, so that a comparison of the device-specific information with transmitted user data information allows the data unit to be assigned to a specific access device. In a further step, the security feature can then be used to assess the integrity and/or authenticity of the user data information. Alternatively or additionally, the security feature can itself already comprise the user data information, so that, for example, a separate transmission of the user data information (in plain text) can be dispensed with. This is the case, for example, when the user data information is encrypted and then transmitted in encrypted form as the security feature of the data unit. Preferably, ensuring integrity comprises checking the correct content and/or an unmodified state and/or detecting modifications and/or checking the temporal correctness of the data unit.

Es ist denkbar, dass das Fahrzeug als ein Kraftfahrzeug und/oder als ein Elektrofahrzeug und/oder als ein Hybridfahrzeug und/oder als ein selbstfahrendes Fahrzeug und/oder als ein Personenkraftfahrzeug ausgeführt ist. Insbesondere umfasst das Fahrzeug zumindest einen Teil des Sicherheitssystems, bspw. als ein aktives oder passives Zugangssystem und/oder Keyless-Go-System oder dergleichen.It is conceivable that the vehicle is designed as a motor vehicle and / or as an electric vehicle and / or as a hybrid vehicle and / or as a self-driving vehicle and / or as a passenger vehicle. In particular, the vehicle comprises at least part of the security system, for example as an active or passive access system and / or keyless go system or the like.

Außerdem kann es im Rahmen der Erfindung von Vorteil sein, dass die Datenübertragung unidirektional und/oder verbindungslos über eine Funk-Kommunikationstechnologie, insbesondere über Bluetooth oder Bluetooth Low Energy, durchgeführt wird, vorzugsweise über einen kryptografisch ungeschützten Kommunikationskanal, sodass ein kryptografischer Schutz zumindest im Wesentlichen (bzw. vorranging oder ausschließlich) durch das Sicherheitsmerkmal und/oder den Sicherheitsmechanismus bereitgestellt wird. Es kann möglich sein, dass die Datenübertragung verbindungslos und/oder unidirektional erfolgt, sodass bevorzugt das Zugangsgerät als Sender und das Sicherheitssystem am Fahrzeug, insbesondere wenigstens ein Empfangsknoten, als Empfänger ungekoppelt miteinander sind, und/oder auch mehrere Empfänger gleichzeitig (oder zeitlich versetzt) die Dateneinheit (d. h. auch inhaltlich gleiche, ggf. zeitlich versetzt gesendete weitere Dateneinheiten) empfangen können. Insbesondere wird dabei unter einem ungeschützten Kommunikationskanal verstanden, dass der Kommunikationskanal selbst (bspw. auf Transportebene bzw. in Bezug auf die Steuer- und/oder Protokollinformationen) unverschlüsselt oder nur schwach geschützt ist, sodass eine kryptografische Sicherung vorranging über eine Anpassung der Nutzdaten realisiert wird. Bspw. können dabei die Dateneinheit bzw. die Nutzdaten der Dateneinheit im Klartext und/oder per Broadcast übertragen werden.In addition, it can be advantageous within the scope of the invention that the data transmission is carried out unidirectionally and / or connectionlessly via radio communication technology, in particular via Bluetooth or Bluetooth Low Energy, preferably via a cryptographically unprotected communication channel, so that cryptographic protection is at least essentially (or primarily or exclusively) is provided by the security feature and / or the security mechanism. 
It may be possible that the data transmission is connectionless and / or unidirectional, so that preferably the access device as a transmitter and the security system on the vehicle, in particular at least one receiving node, are uncoupled as a receiver, and / or several receivers are simultaneously (or staggered) can receive the data unit (ie also other data units with the same content, possibly sent at different times). In particular, an unprotected communication channel is understood to mean that the communication channel itself (e.g. at the transport level or in relation to the control and / or protocol information) is unencrypted or only weakly protected, so that cryptographic security is primarily implemented by adapting the user data . For example, the data unit or the useful data of the data unit can be transmitted in plain text and / or by broadcast.

Es kann optional möglich sein, dass das Aktivieren der sicherheitsrelevanten Funktion gemäß Schritt d) in Abhängigkeit zumindest von dem Überprüfungsergebnis und/oder einer Signalstärke bei dem Übertragen der Dateneinheit erfolgt, wobei vorzugsweise anhand der Signalstärke ein Abstand zwischen dem Zugangsgerät und dem Fahrzeug bestimmt wird, und die sicherheitsrelevante Funktion nur bei ausreichend geringem Abstand aktiviert wird. Insbesondere bietet eine Prüfung des Überprüfungsergebnisses dabei die zusätzliche Sicherheit, dass nur ein autorisiertes und/oder authentifiziertes Zugangsgerät zur Aktivierung der Funktion bei ausreichend geringem Abstand genutzt werden kann. Bspw. kann die Signalstärke dabei anhand von Received Signal Strength Indication (RSSI) Daten bestimmt werden, insbesondere bei einem Empfangsknoten des Fahrzeuges, welcher insbesondere als Bluetooth-Schnittstelle ausgeführt ist.It may optionally be possible that the activation of the security-relevant function according to step d) takes place as a function of at least the check result and / or a signal strength when the data unit is transmitted, a distance between the access device and the vehicle preferably being determined on the basis of the signal strength, and the safety-relevant function is only activated when the distance is sufficiently small. In particular, a check of the check result offers the additional security that only an authorized and / or authenticated access device can be used to activate the function at a sufficiently short distance. For example, the signal strength can be determined on the basis of Received Signal Strength Indication (RSSI) data, in particular in the case of a receiving node in the vehicle, which is in particular designed as a Bluetooth interface.

According to the invention, the data unit comprises at least one user data information item, and on the basis of the user data information item the data unit is assigned on the vehicle side to the access device, the security feature (according to step a)) being determined on the basis of the user data information item for cryptographic protection of this assignment, so that the user data information item is signed. In particular, after the data transmission, the integrity of the data unit and / or of the user data information item can then be checked by evaluating the security feature. For example, the security feature can be checked for this purpose using a verification key. Alternatively or additionally, the user data information item can also be checked (or decrypted) on the basis of the security feature (or the verification key).

In particular, the security feature can fulfill at least one of the following functions (and, for example, at least one of the following steps can be provided):

  • checking the correctness and / or integrity and / or authorship of the user data information item, for example by calculating a check value on the basis of the security feature and / or a verification key,
  • assigning the user data information item and / or the at least one data unit to a specific access device,
  • checking the assignment to the effect that the assigned access device is authorized to activate the security-relevant function, in particular using an assignment table.

The check value can preferably be correlated with the user data information item in such a way that the check value must have a predetermined result in order to confirm the user data information item. For this purpose, for example, a security and / or encryption algorithm can be applied to the user data information item and / or the security feature in such a way that the integrity can be checked by comparing the security feature with the user data information item.

For example, the security mechanism and / or the checking of the correctness and / or integrity and / or authorship of the user data information items and / or the checking according to step c) can at least partially comprise the use of a symmetric and / or asymmetric cryptographic method, for example a randomized encryption algorithm and / or an RSA signature method.

It may furthermore be possible that the user data information item comprises at least one device-specific information item, in particular a device address of the access device, preferably a Bluetooth device address, the security feature (according to step a)) preferably being determined on the basis of the device-specific information item, so that preferably (according to step c)) an authentication of the device-specific information item and / or an assignment of the data unit to the access device is carried out on the basis of the device-specific information item. In particular, the device address or Bluetooth device address is combined with an IRK (Identity Resolving Key). For the assignment, the device-specific information item is preferably compared with predetermined information (for example an assignment table), and the check result is only set to positive in the case of a match, so that the security-relevant function can be activated.

Furthermore, it is conceivable that the activation (according to step d)) takes place as a function of a localization of the access device on the basis of at least one distance information item (such as a signal strength during the data transmission) about a distance of the access device from the vehicle, wherein (before step d)) at least one of the following steps is provided, which are preferably carried out one after the other or in any order (individual steps also being able to be carried out repeatedly):

  • digitally signing a user data information item for the data unit, so that preferably a digital signature is calculated as the security feature for the data unit, in particular by the access device,
  • transmitting the data unit, the (signed) user data information item and the security feature being transmitted as user data of the data unit from the access device to the vehicle, in particular according to step b), the entire user data and / or the user data information item of the data unit preferably being transmitted unencrypted (this relates in particular only to the transmission, so that the user data or the user data information item itself can in particular be encrypted, so that only the transmission may be unencrypted but with encrypted user data content, i.e. encrypted for example at the application level and not at the transport, coupling element or interface level),
  • determining the distance information item, in particular on the basis of the data transmission, preferably on the basis of a measurement of a signal strength during the data transmission, preferably by the vehicle,
wherein preferably (according to step c)) the user data information item and / or the distance information item is checked, in particular authenticated, on the basis of the security feature.

The unencrypted transmission relates here in particular only to the data transmission (i.e. in particular to the transport level). This makes it possible for a connectionless transmission to be used as well, in order to increase the reliability and efficiency of the security system.

According to a further advantage, it can be provided that (in particular in step c)) the security feature and / or the user data information item is cryptographically verified, preferably on the basis of at least one verification specification of the security mechanism, such as a verification key, preferably on the basis of a verification algorithm and / or a verification key. The verification key is preferably pre-stored in the vehicle, for example in a non-volatile data memory of the vehicle. The verification key is particularly preferably cryptographically protected in order to prevent manipulation or unauthorized reading.

Furthermore, it is optionally provided that (in particular according to step c)) a positive check result is determined if the authenticity of the access device and / or the integrity of the data unit is successfully established on the basis of the transmitted security feature, wherein preferably in step d) the activation (of the security-relevant function) only takes place if the check result is positive. This has the advantage that security-critical functions can only be made available to authorized users of the vehicle.

It is also conceivable within the scope of the invention that the at least one data unit is transmitted unencrypted, at least at a transport-oriented level, and thus preferably comprises at least one unencrypted control and / or protocol information item and / or at least partially unencrypted user data, in particular with at least one unencrypted user data information item, the data unit preferably being designed as a data packet, and the user data preferably comprising at least the security feature in unencrypted form. In particular, (additional) encryption of the security feature is not necessary during the data transmission (so that it can be present in the data unit in unencrypted form), since the security feature has already been determined by a cryptographic algorithm. A particularly reliable and simpler security check can thus be implemented.

For example, the data unit and / or the data transmission is encrypted at the application-oriented level in accordance with the security mechanism. This comprises, for example, an application layer according to the OSI model. The transport-oriented level comprises, for example, the data link layer or the layers below the application layer or session layer according to the OSI model.

It can be provided within the scope of the invention that the security mechanism comprises at least one cryptographic method in order to preferably determine at least one assignment, in particular an authenticity, of the data unit (to the access device), the cryptographic method preferably being a digital signature method and / or being carried out on the basis of at least one random value and / or rolling code. The security feature can preferably be implemented as a code according to a rolling code method. Preferably, in particular based on a shared secret (such as a symmetric key) between the sender (access device) and the receiver (vehicle or receiving node) and a cryptographic algorithm, a constantly changing code is transmitted by the sender to the receiver for checking (verification). For example, a so-called Keeloq algorithm is used for this purpose.

As a further advantage, it can be provided that the security feature and / or a user data information item is specific to the access device, in particular in that the security feature and / or the user data information item is determined directly or indirectly on the basis of a device-specific information item of the access device, in particular a device identifier, preferably an Identity Resolving Key. For example, the device-specific information item can be uniquely assigned to an access device and in particular be permanently stored in the access device. The security of the method can thus be further improved.

It is further conceivable that (in particular in step c)) a localization of the access device, in particular a distance information item measured by means of the data transmission, preferably a measurement result of a distance measurement, preferably a signal strength measurement, is checked, in particular authenticated, on the basis of the security feature, the distance information item particularly preferably being transmitted as at least one user data information item of the data unit (in particular in step b)). This makes it possible to establish in a simple manner that the access device is sufficiently close to the vehicle.

In addition, it is optionally possible within the scope of the invention that (in particular according to step a)) the security feature is determined differently for different data units, preferably on the basis of a randomized encryption algorithm and / or a random value and / or a counter and / or the like. The security of the activation of the function can thus be further increased. In particular, the counter can generate a consecutive numbering or the like, in particular by means of a counter unit, for example to provide a rolling code.

Furthermore, it may be possible that the security-relevant function comprises at least one first function, in particular a release of access to the vehicle, and / or at least one second function, in particular a release of an engine management system of the vehicle, the first function preferably only being activated when a minimum distance of the access device from the vehicle is detected on the basis of a localization, and the second function preferably only being activated when the access device is detected in the interior of the vehicle on the basis of the localization. A very convenient way of activating the functions can thus be provided.

In a further possibility, it can be provided that at least two or three or more receiving nodes of the vehicle are provided, preferably each in order to receive the data unit and / or to carry out the data transmission, a localization of the access device being carried out as a function of the reception and / or the data transmission at the receiving nodes and / or a check of the integrity of the data units received in each case, and the at least one security-relevant function preferably being activated as a function of the localization. For example, the different signal strength signals of the individual receiving nodes can be used to carry out a particularly precise localization of the access device. For this purpose, for example, triangulation or the like can be used for the localization (positioning).

According to a further advantage, it can be provided that a localization takes place by means of a distance measurement, in particular a signal strength measurement, on the basis of the data transmission at different receiving nodes of the vehicle, in particular on the basis of the measured distance of the respective receiving nodes from the access device, the results of the distance measurement preferably being compared with one another for the localization. Alternatively or additionally, positioning data, for example from a GPS (Global Positioning System), can preferably also be used, in particular to increase the positioning accuracy.

It can be provided within the scope of the invention that the data transmission takes place via a public advertising and / or broadcast mode, in particular of a Bluetooth communication technology (i.e. also Bluetooth Low Energy), so that the transmitted user data, in particular also the security feature, can be publicly evaluated and / or read, preferably by all receiving nodes of the vehicle. It is thus in principle conceivable that the transmitted user data of the data unit(s) can be intercepted and read out. Here the security mechanism provides the actual protection in order to guarantee the integrity of the data unit. In particular, the data transmission can take place exclusively unidirectionally.

It is also conceivable that a user data information item of the data unit comprises at least the security feature and at least one security code for the security system, in particular an access system, the activation according to step d) preferably taking place as a function of the security code. In other words, the security system can carry out an authentication on the basis of the data unit.
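The signing, plain-text broadcast, vehicle-side verification and distance-dependent activation described in the steps above (the signed user data information item with device address and counter-based rolling code, the pre-stored verification key and assignment table, and the first and second function), as an added example that is not part of the patent or of the applicant's implementation. It assumes HMAC-SHA256 over a shared symmetric key as the security mechanism, a constructed Bluetooth device address as the device-specific information item, and constructed RSSI thresholds and receiving node names.

```python
"""Access device broadcasts a signed, unencrypted data unit; the vehicle
verifies it and activates functions depending on the check result and RSSI.

Assumptions (constructed for this example, not taken from the patent):
HMAC-SHA256 over a shared symmetric key stands in for the security mechanism,
the device-specific information item is a 6-byte Bluetooth device address, a
4-byte counter supplies the rolling code, and RSSI thresholds are invented.
"""
import hashlib
import hmac
import struct

ADDR_LEN, CTR_LEN, MAC_LEN = 6, 4, 32

# Constructed shared secret between one access device and the vehicle.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
DEVICE_ADDR = bytes.fromhex("c0ffee010203")  # constructed Bluetooth address

RSSI_UNLOCK_DBM = -70    # constructed: "sufficiently close" for access release
RSSI_INTERIOR_DBM = -55  # constructed: interior node for engine release


def new_assignment_table() -> dict:
    """Vehicle-side assignment table: authorised device address -> pre-stored
    verification key and the last accepted counter (anti-replay state)."""
    return {DEVICE_ADDR: {"key": SHARED_KEY, "last_counter": 0}}


def build_data_unit(device_addr: bytes, counter: int, key: bytes) -> bytes:
    """Access device side (steps a/b): user data = address || counter, the
    security feature is an HMAC over it; everything is sent in plain text."""
    user_data = device_addr + struct.pack(">I", counter)
    security_feature = hmac.new(key, user_data, hashlib.sha256).digest()
    return user_data + security_feature


def parse_data_unit(data_unit: bytes):
    """Split a received unit into (device_addr, counter, security_feature),
    or None if the length does not match the expected layout."""
    if len(data_unit) != ADDR_LEN + CTR_LEN + MAC_LEN:
        return None
    device_addr = data_unit[:ADDR_LEN]
    (counter,) = struct.unpack(">I", data_unit[ADDR_LEN:ADDR_LEN + CTR_LEN])
    return device_addr, counter, data_unit[ADDR_LEN + CTR_LEN:]


def check_data_unit(data_unit: bytes, table: dict) -> bool:
    """Vehicle side (step c): assign the unit to a device via its address,
    verify the security feature with the pre-stored key, and reject counters
    that do not advance (a replayed copy of an intercepted broadcast)."""
    parsed = parse_data_unit(data_unit)
    if parsed is None:
        return False
    device_addr, counter, security_feature = parsed
    entry = table.get(device_addr)
    if entry is None:
        return False  # unknown address: not in the assignment table
    user_data = data_unit[:ADDR_LEN + CTR_LEN]
    expected = hmac.new(entry["key"], user_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, security_feature):
        return False  # integrity / authorship check failed
    if counter <= entry["last_counter"]:
        return False  # replayed or stale data unit
    entry["last_counter"] = counter
    return True


def decide_functions(data_unit: bytes, rssi_by_node: dict, table: dict) -> dict:
    """Step d): first function (access) needs a positive check result and a
    node within the unlock threshold; second function (engine) additionally
    needs the interior node to report the strongest signal above its threshold.
    rssi_by_node maps receiving node name -> RSSI in dBm for this broadcast."""
    result = {"access": False, "engine": False}
    if not rssi_by_node or not check_data_unit(data_unit, table):
        return result
    strongest = max(rssi_by_node.values())
    if strongest >= RSSI_UNLOCK_DBM:
        result["access"] = True
    interior = rssi_by_node.get("interior")
    if interior is not None and interior == strongest and interior >= RSSI_INTERIOR_DBM:
        result["engine"] = True
    return result


if __name__ == "__main__":
    table = new_assignment_table()
    unit = build_data_unit(DEVICE_ADDR, 1, SHARED_KEY)
    # The same broadcast received by three constructed nodes with different RSSI.
    print(decide_functions(unit, {"rear": -82, "door": -64, "interior": -88}, table))
    print(decide_functions(unit, {"door": -64}, table))  # replayed unit: rejected
```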

The invention also relates to a security system for a vehicle for activating at least one security-relevant function in the vehicle on the basis of at least one data transmission between a portable access device and the vehicle according to claim 13.

The security system according to the invention thus has the same advantages as have been described in detail with reference to a security method according to the invention. In addition, the security system can be suitable for being operated according to a security method according to the invention. It is also optionally conceivable that the processing device is designed to carry out a security method according to the invention.

In particular, the at least one receiving node can be arranged on and / or in the vehicle, preferably non-detachably fastened. Alternatively or additionally, the receiving nodes can each have at least one antenna, in particular a Bluetooth antenna, and / or each be designed as a Bluetooth interface, preferably a Bluetooth Low Energy interface.

Optionally, it can be provided that at least one first receiving node is provided at the rear of the vehicle and / or at least one second receiving node in a door handle of the vehicle and / or at least one third receiving node in the vehicle interior and / or at least one fourth receiving node in the front area of the vehicle, so that preferably a localization of the access device can take place on the basis of the data transmission as a function of a distance between the access device and the respective receiving node. By locating the access device, a more secure option for contactless activation of the security-relevant function can thus be provided.

Further advantages, features and details of the invention emerge from the following description, in which exemplary embodiments of the invention are described in detail with reference to the drawings. The features mentioned in the claims and in the description can each be essential to the invention individually or in any combination. The figures show:

Fig. 1
a schematic representation of a security system according to the invention,
Fig. 2
a further schematic representation of a security system according to the invention and
Fig. 3
a schematic representation for visualizing a method according to the invention.

In the following figures, identical reference numerals are used for the same technical features, including across different exemplary embodiments.

Figure 1 schematically shows a security system 200 according to the invention. A vehicle 1 is shown which has at least one receiving node 210 for carrying out a data transmission D at the vehicle 1.

The data transmission D serves to detect the presence and/or approach of an access device 10, and/or to localize the access device 10, and/or to perform an authentication. In this way, the access device 10 can be used to activate a security-relevant function of the vehicle 1. For this purpose, an authorized access device 10 is, for example, brought into the vicinity of the vehicle 1.

It is possible, for example, that the data transmission D is carried out as soon as the access device 10 comes within the receiving range of the vehicle 1 or of the at least one receiving node 210. This data transmission D then serves in particular to transmit at least one data unit 50 from the access device 10 to the vehicle 1. In order to ensure a flexible and simple data exchange and/or communication setup between the access device 10 and the vehicle 1, the data transmission D is preferably carried out unencrypted and/or connectionless.

Figure 2 shows that several receiving nodes 210 of the vehicle 1 can also be provided. For example, at least a first receiving node 210a and/or a second receiving node 210b and/or a third receiving node 210c and/or a fourth receiving node 210d can be mounted at different positions of the vehicle 1. Possible positions are, for example, the vehicle interior and/or a door handle 2 and/or a rear region of the vehicle 1. A processing device 220 can be provided, for example, to evaluate the transmitted data unit 50. This device can also be suitable, for example, for at least partially carrying out the security method 100 according to the invention, in particular for checking the data unit 50.

Figure 3 schematically visualizes a security method 100 according to the invention, in particular by a representative depiction of a data unit 50. In a first method step, at least one security feature 60 is determined according to a predetermined security mechanism. In a second method step, the data transmission D is carried out so that at least one data unit 50 with at least the security feature 60 and/or user data information 70 is transmitted from the access device 10 to the vehicle 1. Subsequently, in a third method step, the transmitted data unit 50 can be checked on the basis of the transmitted security feature 60 according to the security mechanism, in order to associate the data unit 50 with the access device 10 on the vehicle side, so that a check result is determined. The user data information 70 can also be evaluated as device-specific information 70 of the data unit 50 in order to determine the check result and/or to associate the data unit 50 with the access device 10. Furthermore, in particular to further increase security, several receiving nodes 210 of the vehicle 1 can be provided, each of which can receive the at least one data unit 50. This makes it possible to reliably localize the access device 10 on the basis of information obtained at the respective receiving nodes 210 (such as the signal strength of the respective data transmission to the respective receiving node 210). The security-relevant function can thus be activated in a simple and secure manner depending on at least the check result.
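The three steps just described (sign the user data on the access device, broadcast the data unit in the clear, verify it and associate it with a device on the vehicle side) are easiest to see in code. The following Go program is an added example written for this page; it is not code from the patent or from Huf. It assumes a data unit layout of a 6-byte device address, a 4-byte rolling counter and an Ed25519 signature, an out-of-band pairing step that provisions the device's public key into the vehicle, and a per-device last-accepted counter for rejecting repeated data units. None of these details are fixed by the patent, which specifies only that the security feature is an electronic signature over the user data information and that the transmission is unencrypted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Data unit layout assumed for this example (the patent fixes no format):
// addr[6] || counter[4, big-endian] || sig[64]. addr||counter is the user
// data information (70); sig, the security feature (60), signs those 10 bytes.
const (
	addrLen    = 6
	msgLen     = addrLen + 4
	payloadLen = msgLen + ed25519.SignatureSize
)

var (
	ErrMalformed     = errors.New("data unit has wrong length")
	ErrUnknownDevice = errors.New("device address not provisioned")
	ErrBadSignature  = errors.New("signature does not verify")
	ErrReplay        = errors.New("counter not fresh: replayed data unit")
)

// AccessDevice is the portable access device (10): address, signing key and
// a rolling counter so that no two broadcast data units are identical.
type AccessDevice struct {
	Addr    [addrLen]byte
	priv    ed25519.PrivateKey
	counter uint32
}

// NewAccessDevice generates the key pair; the returned public key is what the
// vehicle stores at pairing time, out of band (assumed provisioning step).
func NewAccessDevice(addr [addrLen]byte) (*AccessDevice, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &AccessDevice{Addr: addr, priv: priv}, pub, nil
}

// Advertise performs steps a) and b): bump the counter, sign the user data
// and return the data unit exactly as it goes on air, unencrypted.
func (d *AccessDevice) Advertise() []byte {
	d.counter++
	pkt := make([]byte, payloadLen)
	copy(pkt, d.Addr[:])
	binary.BigEndian.PutUint32(pkt[addrLen:msgLen], d.counter)
	copy(pkt[msgLen:], ed25519.Sign(d.priv, pkt[:msgLen]))
	return pkt
}

// Vehicle is the processing device (220): provisioned keys by device address
// plus the last accepted counter per device.
type Vehicle struct {
	keys        map[[addrLen]byte]ed25519.PublicKey
	lastCounter map[[addrLen]byte]uint32
}

func NewVehicle(devices map[[addrLen]byte]ed25519.PublicKey) *Vehicle {
	return &Vehicle{keys: devices, lastCounter: map[[addrLen]byte]uint32{}}
}

// Verify performs step c): associate the data unit with a provisioned device
// via the plaintext address, verify the signature with that device's key and
// only then consume the counter. Any change to addr||counter breaks the
// signature; a data unit heard a second time fails the counter check.
func (v *Vehicle) Verify(pkt []byte) ([addrLen]byte, error) {
	var addr [addrLen]byte
	if len(pkt) != payloadLen {
		return addr, ErrMalformed
	}
	copy(addr[:], pkt[:addrLen])
	pub, ok := v.keys[addr]
	if !ok {
		return addr, ErrUnknownDevice
	}
	if !ed25519.Verify(pub, pkt[:msgLen], pkt[msgLen:]) {
		return addr, ErrBadSignature
	}
	ctr := binary.BigEndian.Uint32(pkt[addrLen:msgLen])
	if ctr <= v.lastCounter[addr] {
		return addr, ErrReplay
	}
	v.lastCounter[addr] = ctr
	return addr, nil
}

func main() {
	dev, pub, err := NewAccessDevice([addrLen]byte{0xC0, 0xFF, 0xEE, 0x00, 0x00, 0x01})
	if err != nil {
		panic(err)
	}
	car := NewVehicle(map[[addrLen]byte]ed25519.PublicKey{dev.Addr: pub})
	pkt := dev.Advertise() // 74 bytes, broadcast in the clear
	_, fresh := car.Verify(pkt)
	_, replay := car.Verify(pkt) // the same data unit heard again
	fmt.Println("fresh:", fresh, "| replayed:", replay)
}
```

Two practical caveats. The 74-byte data unit exceeds the 31 bytes available in a legacy BLE advertising payload, so an implementation of this layout needs extended advertising (Bluetooth 5) or a shorter signature scheme. And because the data unit is broadcast unencrypted, the device address and counter are readable by any listener: the signature gives the vehicle authenticity and integrity of the data unit, not confidentiality, and the address itself is what the identity resolving key of claim 9 is meant to protect from tracking.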

The above explanation of the embodiments describes the present invention exclusively by way of examples.

List of reference symbols

1 Vehicle
2 Door handle
10 Access device
50 Data unit
60 Security feature
70 User data information, device-specific information
100 Security method
200 Security system
210 Receiving node
210a First receiving node
210b Second receiving node
210c Third receiving node
210d Fourth receiving node
220 Processing device
D Data transmission

Claims (14)

  1. Security method (100) for a security system (200) of a vehicle (1), for activating at least one security-relevant function on the vehicle (1) by means of at least one data transmission (D) between a portable access device (10) and the vehicle (1),
    characterized by the following steps:
    a) determining at least one security feature (60) according to a predetermined security mechanism,
    b) performing the data transmission (D) so that at least one data unit (50) with at least the security feature (60) is transmitted from the access device (10) to the vehicle (1),
    c) verifying the transmitted data unit (50) based on the transmitted security feature (60) according to the security mechanism to associate the data unit (50) to the access device (10) on the vehicle side so that a verification result is determined,
    d) activating the security-relevant function depending on at least the verification result, wherein
    the data unit (50) comprises user data information (70), and the data unit (50) is associated to the access device (10) on the vehicle side on the basis of the user data information (70), wherein the security feature (60) is determined according to step a) on the basis of the user data information (70) for the cryptographic protection of this association in order to sign the user data information (70), wherein the security feature (60) is designed as an electronic signature.
  2. Security method (100) according to claim 1,
    characterized in that
    the data transmission (D) is carried out connectionless via a radio communication technology, in particular via Bluetooth or Bluetooth Low Energy, preferably via a cryptographically unprotected communication channel, so that cryptographic protection is essentially provided by the security feature (60) and/or the security mechanism.
  3. Security method (100) according to claim 1 or 2,
    characterized in that
    the activation of the security-relevant function according to step d) occurs depending on at least the verification result and a signal strength during the transmission of the data unit (50), wherein a distance between the access device (10) and the vehicle (1) is preferably determined on the basis of the signal strength, and the security-relevant function is activated only if the distance is sufficiently small.
  4. Security method (100) according to any one of the preceding claims,
    characterized in that
    the user data information (70) comprises at least one device-specific information (70), in particular a device address of the access device (10), preferably a Bluetooth device address, wherein the security feature (60) is determined according to step a) on the basis of the device-specific information (70), so that, preferably according to step c), authentication of the device-specific information (70) and/or an association of the data unit (50) to the access device (10) is carried out on the basis of the device-specific information (70).
  5. Security method (100) according to any one of the preceding claims,
    characterized in that
    the activation according to step d) occurs depending on a localization of the access device (10) on the basis of distance information about a distance of the access device (10) from the vehicle (1), wherein at least the following steps are provided before step d):
    - digitally signing user data information (70) for the data unit (50), so that preferably a digital signature is calculated as a security feature (60) for the data unit (50), in particular by the access device (10),
    - transmitting the data unit (50), wherein the user data information (70) and the security feature (60) are transmitted as user data of the data unit (50) from the access device (10) to the vehicle (1), in particular according to step b), wherein preferably the entire user data and/or the user data information (70) of the data unit (50) are transmitted unencrypted,
    - determining the distance information, in particular based on the data transmission (D), preferably based on a measurement of a signal strength during the data transmission (D), preferably by the vehicle (1),
    wherein preferably according to step c) the user data information (70) and/or the distance information is checked, in particular authenticated, on the basis of the security feature (60).
  6. Security method (100) according to any one of the preceding claims,
    characterized in that
    in step c), the security feature (60) and/or the user data information (70) is cryptographically verified, preferably by means of at least one verification specification of the security mechanism, preferably by means of a verification algorithm and/or by means of a verification key.
  7. Security method (100) according to any one of the preceding claims,
    characterized in that
    according to step c), a positive verification result is determined if the authenticity of the access device (10) and/or the integrity of the data unit (50) is successfully established on the basis of the transmitted security feature (60), wherein, in step d), the activation takes place only if the verification result is positive.
  8. Security method (100) according to any one of the preceding claims,
    characterized in that
    the data unit (50), at least on a transport-oriented level, is transmitted unencrypted, and thus comprises at least unencrypted control and/or protocol information and/or at least partially unencrypted user data, in particular at least with unencrypted user data information (70), wherein preferably the data unit (50) is designed as a data packet (50), and preferably the user data comprise at least the security feature (60) unencrypted.
  9. Security method (100) according to any one of the preceding claims,
    characterized in that
    the security mechanism comprises at least one cryptographic method for preferably determining at least one association, in particular an authenticity, of the data unit (50), wherein the cryptographic method preferably is a digital signature method and/or is carried out on the basis of at least one random value and/or rolling code and/or the security feature (60) and/or user data information (70) is specific to the access device (10), in particular in that the security feature (60) and/or the user data information (70) is determined directly or indirectly on the basis of device-specific information (70), in particular a device identifier, preferably an identity resolving key, of the access device (10).
  10. Security method (100) according to any one of the preceding claims,
    characterized in that
    at least two or three or more receiving nodes (210) of the vehicle (1) are provided in order to receive the at least one data unit (50) in each case and/or to carry out the data transmission (D), wherein the access device (10) is localized depending on the reception and/or the data transmission (D) of the receiving nodes (210) and/or a check of the integrity of the respectively received data units (50), and the at least one security-relevant function is activated depending on the localization.
  11. Security method (100) according to any one of the preceding claims,
    characterized in that
    a localization occurs by means of a distance measurement, in particular signal strength measurement, on the basis of the data transmission (D) at different receiving nodes (210) of the vehicle (1), in particular on the basis of the measured distance of the respective receiving nodes (210) from the access device (10), wherein the results of the distance measurement are compared with one another for localization.
  12. Security method (100) according to any one of the preceding claims,
    characterized in that
    the data transmission (D) occurs via a public advertising and/or broadcast mode, in particular of a Bluetooth communication technology, so that the transmitted data units and/or user data, in particular also the security feature (60), can be publicly evaluated and/or read, preferably by all the receiving nodes (210) of the vehicle (1).
  13. Security system (200) for a vehicle (1) for activating at least one security-relevant function on the vehicle (1) by means of at least one data transmission (D) between a portable access device (10) and the vehicle (1), comprising:
    - at least one receiving node (210) on the vehicle (1), which is designed to receive at least one data unit (50) by the data transmission (D),
    - at least one processing device (220) which is designed to check the received data unit (50) in order to associate the data unit (50) to the access device (10) on the vehicle side,
    wherein the check is carried out on the basis of a security feature (60) of the data unit (50), and the security-relevant function can be activated depending on the check, wherein the data unit (50) comprises user data information (70), and the data unit (50) can be associated to the access device (10) on the vehicle side on the basis of the user data information (70), wherein the security feature (60) can be determined on the basis of the user data information (70) for cryptographic protection of this association in order to sign the user data information (70), wherein the security feature (60) is designed as an electronic signature.
  14. Security system (200) according to claim 13,
    characterized in that
    at least one first receiving node (210a) is provided at the vehicle rear and/or at least one second receiving node (210b) is provided in a door handle (2) of the vehicle (1) and/or at least one third receiving node (210c) is provided in the vehicle interior and/or at least one fourth receiving node (210d) is provided in the front region of the vehicle (1), so that, depending on a distance between the access device (10) and the respective receiving nodes (210), a localization of the access device (10) can occur on the basis of the data transmission (D)
    and/or the processing device (220) is configured to perform a security method (100) according to any one of claims 1 to 12.
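Claims 3, 10, 11 and 14 make activation depend on where the access device is: the signal strength of the data unit is measured at several receiving nodes, converted to distances, and the distances are compared with one another. The Go code below is an added example written for this page, not code from the patent or from Huf, showing one way to turn per-node RSSI readings for an already verified data unit into that decision. It assumes a log-distance path-loss model with constructed calibration constants, the four node positions of claim 14, a minimum number of nodes that must have received the data unit, and a mapping from nearest node to function (door handle unlocks, rear opens the tailgate, interior enables start); the patent specifies none of these.

```go
package main

import (
	"fmt"
	"math"
)

// NodeReading is what one receiving node (210) reports to the processing
// device (220) for a data unit that already passed the signature check:
// the node and the received signal strength in dBm.
type NodeReading struct {
	Node string  // "rear", "door-handle", "interior" or "front" (claim 14)
	RSSI float64 // dBm
}

// PathLossModel converts an RSSI into a distance estimate with the
// log-distance path-loss model d = 10^((P0 - RSSI) / (10 n)), P0 being the
// RSSI at 1 m and n the path-loss exponent. Both are calibration constants
// assumed for this example, not values from the patent.
type PathLossModel struct {
	P0 float64
	N  float64
}

func (m PathLossModel) Distance(rssi float64) float64 {
	return math.Pow(10, (m.P0-rssi)/(10*m.N))
}

// Localization is the outcome of comparing all nodes' distance estimates.
type Localization struct {
	Nearest  string
	Distance float64 // metres, estimate at the nearest node
}

// Localize converts every reading to a distance and compares them (claim 11):
// the nearest node says where the device is. It refuses to decide on fewer
// than minNodes readings, so a single node never decides alone (claim 10).
func Localize(m PathLossModel, readings []NodeReading, minNodes int) (Localization, bool) {
	if minNodes < 1 || len(readings) < minNodes {
		return Localization{}, false
	}
	loc := Localization{Distance: math.Inf(1)}
	for _, r := range readings {
		if d := m.Distance(r.RSSI); d < loc.Distance {
			loc.Nearest, loc.Distance = r.Node, d
		}
	}
	return loc, true
}

// Function is a security-relevant function of the vehicle.
type Function int

const (
	None Function = iota
	UnlockDoor
	OpenTailgate
	EnableStart
)

// Decide is step d) with the policy of claim 3: activate only if the check
// result is positive and the device is localized within maxDist of a node.
// Which function the nearest node triggers is an assumption of this example.
func Decide(verified bool, loc Localization, ok bool, maxDist float64) Function {
	if !verified || !ok || loc.Distance > maxDist {
		return None
	}
	switch loc.Nearest {
	case "door-handle":
		return UnlockDoor
	case "rear":
		return OpenTailgate
	case "interior":
		return EnableStart
	}
	return None
}

func main() {
	m := PathLossModel{P0: -59, N: 2} // constructed calibration values
	// Constructed readings: the device is right next to the door handle.
	readings := []NodeReading{
		{"rear", -79}, {"door-handle", -59}, {"interior", -69}, {"front", -75},
	}
	loc, ok := Localize(m, readings, 2)
	fmt.Printf("nearest=%s d=%.2fm -> function %d\n", loc.Nearest, loc.Distance, Decide(true, loc, ok, 2.0))
}
```

RSSI-derived distance is a coarse plausibility check, not a secure distance bound: signal strength varies with the environment and can be influenced by anyone who relays or amplifies the advertisement, which is why the localization is layered on top of a positive verification result rather than replacing it.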
EP18160885.2A 2017-03-13 2018-03-09 Safety method for a safety system of a vehicle Active EP3375673B1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102017105259 2017-03-13

Publications (2)

Publication Number Publication Date
EP3375673A1 EP3375673A1 (en) 2018-09-19
EP3375673B1 true EP3375673B1 (en) 2021-05-12

Family

ID=61691636

Family Applications (1)

Application Number Title Priority Date Filing Date
EP18160885.2A Active EP3375673B1 (en) 2017-03-13 2018-03-09 Safety method for a safety system of a vehicle

Country Status (3)

Country Link
US (1) US10239493B2 (en)
EP (1) EP3375673B1 (en)
DE (1) DE102018105443A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014221772A1 (en) * 2014-10-27 2016-04-28 Robert Bosch Gmbh Method and device for operating a vehicle
US10993100B2 (en) * 2017-09-07 2021-04-27 Huf Secure Mobile GmbH System and method of low energy mobile device recognition
CN111698664B (en) * 2019-03-12 2023-09-15 广州小鹏汽车科技有限公司 Virtual key binding method and system
US11956626B2 (en) * 2019-04-17 2024-04-09 Nokia Technologies Oy Cryptographic key generation for mobile communications device
US12202434B2 (en) * 2021-03-01 2025-01-21 Toyota Motor North America, Inc. Vehicle and method for granting access to vehicle functionalities
DE102022125610A1 (en) * 2022-10-05 2024-04-11 Dr. Ing. H.C. F. Porsche Aktiengesellschaft Method for emergency unlocking of a locked vehicle door and motor vehicle with a possibility for emergency unlocking of a locked vehicle door

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006057430A1 (en) * 2006-12-06 2008-06-12 Robert Bosch Gmbh Method and device for user identification in a vehicle
EP2240910A2 (en) * 2008-01-09 2010-10-20 Johnson Controls Technology Company Bi-directional portable electronic device for interaction with vehicle systems
GB201008710D0 (en) * 2010-05-25 2010-07-07 Jaguar Cars Vehicle communications
GB2480685B (en) * 2010-05-28 2016-07-13 Jaguar Land Rover Ltd Improvements in or relating to vehicle access
US20120172010A1 (en) * 2010-12-30 2012-07-05 Delphi Technologies, Inc. Medium range vehicle communication system
US8626144B2 (en) * 2011-07-13 2014-01-07 GM Global Technology Operations LLC Bluetooth low energy approach detections through vehicle paired capable devices
US9008917B2 (en) * 2012-12-27 2015-04-14 GM Global Technology Operations LLC Method and system for detecting proximity of an end device to a vehicle based on signal strength information received over a bluetooth low energy (BLE) advertising channel
ES2564977T3 (en) * 2013-05-22 2016-03-30 Eileo Locking system with controllable inhibition media
US9086879B2 (en) * 2013-07-26 2015-07-21 GM Global Technology Operations LLC Methods and apparatus for optimizing battery life in a remote device
FR3010364B1 (en) * 2013-09-09 2015-12-11 Valeo Securite Habitacle METHOD FOR TRIGGERING A CONTROL ON A MOTOR VEHICLE BY EXCHANGING DATA BETWEEN A CONTROL EQUIPMENT AND AN IDENTIFIER MEMBER
EP3077254B1 (en) * 2013-12-03 2019-09-25 Huf North America Automotive Parts Mfg. Corp. Vehicle control system to prevent relay attack
US9842444B2 (en) * 2014-06-11 2017-12-12 Ford Global Technologies, Llc Phone sleeve vehicle fob
FR3030987B1 (en) * 2014-12-23 2018-03-23 Valeo Comfort And Driving Assistance AUTOMATIC RECOGNITION METHOD BETWEEN A MOBILE DEVICE AND A MOTOR VEHICLE FOR OPERATING ACCORDING TO THE BLUE PROTOCOL
US10035494B2 (en) * 2016-12-06 2018-07-31 Denso International America, Inc. Vehicle passive entry/passive start system
DE102016123998A1 (en) * 2016-12-09 2018-06-14 Huf Hülsbeck & Fürst Gmbh & Co. Kg Authentication method and authentication arrangement of a motor vehicle
EP3335942B1 (en) * 2016-12-14 2019-11-20 Nxp B.V. Secure vehicle access system, key, vehicle and method therefor

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
DE102018105443A1 (en) 2018-09-13
US20180257605A1 (en) 2018-09-13
US10239493B2 (en) 2019-03-26
EP3375673A1 (en) 2018-09-19

Similar Documents

Publication Publication Date Title
EP3375673B1 (en) Safety method for a safety system of a vehicle
DE102006015212B4 (en) Method for protecting a movable good, in particular a vehicle, against unauthorized use
DE112019001472T5 (en) Authentication system
DE102019123628A1 (en) Authentication system and authentication method
EP3418133B1 (en) Method for operating a passive radio-based closing device and passive radio-based closing device
EP2522101B1 (en) Method for the secure unidirectional transmission of signals
DE102017103242A1 (en) Method for activating at least one safety function of a safety system of a vehicle
DE102015206009B4 (en) Distance determination and authentication of a radio key for a vehicle
JP2013234520A (en) Electronic key registration system
US11605253B2 (en) Method for securing a communication between a mobile communication apparatus and a vehicle
CN111527526A (en) Mobile de-whitening
EP3348033A1 (en) A trusted geolocation beacon and a method for operating a trusted geolocation beacon
WO2012010381A1 (en) Method for registering a wireless communication device at a base device and corresponding system
DE112015004886T5 (en) communication device
DE102017211941A1 (en) Method for determining an access authorization to a motor vehicle and authorization system for a motor vehicle
EP3017432B1 (en) Secured communication device for a vehicle and vehicle system
DE102016123998A1 (en) Authentication method and authentication arrangement of a motor vehicle
EP3336736B1 (en) Auxiliary id token for multi-factor authentication
EP3474240A1 (en) Method and system for activating a safety function via an external apparatus
DE112020001900T5 (en) Communication system and communication device
DE102014208974A1 (en) Method for determining information about the distance between two devices and devices and computer programs set up for this purpose
DE102010013554A1 (en) System for securing communication between radio frequency identification (RFID) tag and RFID reader, has determination unit that determines whether safety parameter of communication between tag and reader is within effective range

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190319

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20190814

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20201117

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 502018005199

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1391994

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210615

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20210512

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210812

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210913

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210812

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210912

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210813

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 502018005199

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20220215

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210912

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20220309

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20220331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220309

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220331

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220309

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220309

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220331

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220331

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230427

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20180309

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

REG Reference to a national code

Ref country code: AT

Ref legal event code: MM01

Ref document number: 1391994

Country of ref document: AT

Kind code of ref document: T

Effective date: 20230309

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230309

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210512

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20250331

Year of fee payment: 8